[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: well-formedness error
On Jun 16, 2004, at 4:29 PM, Sam Ruby wrote:
As far as I know, NONE of the popular libraries, on all the popular
platforms, and in all the popular languages, take RFC 3023 into
consideration. Nor do they provide ANY mechanism for the caller to
indicate the "Presence of External Encoding Information" [1].
I generally find it hard to get upset about this, since *if* the body
is XML, if the software cheerfully ignores the headers and points an
XML parser at it, the encoding will get sorted out and everything will
just work. However, smarter people than I have said that ignoring the
Content-type is a potentially rich source of security holes. Hmm, I
wonder if one could adopt a Best Practice along the lines of "respect
the Content-type header unless it's text/xml which is obviously a sign
of someone who was completely clueless about setting their Content-type
header." -Tim